Add support for the Zvkned extension #234
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…iscv#191) * V extension general framework and configuration setting instructions * Update model/riscv_insts_vext_utils.sail fix a typo Co-authored-by: Nicolas Brunie <nibrunie@gmail.com> Signed-off-by: BrighterW <xinlai.w@rioslab.org> * Update model/riscv_insts_vext_vset.sail * Revisions after Nov 22 meeting * Update effect matching for functions in riscv_vlen.sail * Fix code formatting issues * Update model/riscv_insts_vext_utils.sail Co-authored-by: Jessica Clarke <jrtc27@jrtc27.com> Signed-off-by: Xinlai Wan <xinlai.w@rioslab.org> * Fix coding style issues * Update vset instructions Signed-off-by: BrighterW <xinlai.w@rioslab.org> Signed-off-by: Xinlai Wan <xinlai.w@rioslab.org> Co-authored-by: Nicolas Brunie <nibrunie@gmail.com> Co-authored-by: Jessica Clarke <jrtc27@jrtc27.com>
* Add vector load / store instructions * Modify the implementation of SEW, LMUL, VLEN and avoid real numbers in the code * Update vstart setting in vector load / store instructions * Remove unnecessary assert statements in vector instructions * Fix bugs in vleff instructions and revise coding styles * Add guards for vector encdec clauses, Avoid redundant memory access after vector load/store failure
* Add vector arithmetic & mask instructions * Update vector EEW and EMUL checking function * Add vector instruction illegal check functions * Adjust code formatting for vector instruction illegal check functions Merge approved by team at tech-golden-model meeting on 2023-03-14.
|
Updated the PR:
This update is adjusting the implementation to match the Spike implenentation and as a follow-up, ACT Signatures matching. |
* Add vector floating-point instructions * Update vector floating-point conversion instructions * Update copyright headers for vector extension code --------- Co-authored-by: xwan <xinlai.wan@rivai.ai>
|
Rebased from |
Comment on lines
+12
to
+14
| function zvk_check_elements(VLEN, num_elem, LMUL, SEW) = { | ||
| ((unsigned(vl)%num_elem) != 0) | ((unsigned(vstart)%num_elem) != 0) | (LMUL*VLEN) < (num_elem*SEW) | ||
| } |
There was a problem hiding this comment.
SAIL newbie question: the vector crypto spec distinguishes illegal cases ((LMUL*VLEN) < (num_elem*SEW)) and reserved cases (((unsigned(vl)%num_elem) != 0) | ((unsigned(vstart)%num_elem) != 0)) (which can legally raise an illegal exception or not). Does this difference is required in the sail model ?
|
I would argue that it does if we want to be able to test that DUTs that
support either behavior do so correctly.
This is an Archie rural option, and the Sail model should support ALL
architectural options.
…On Thursday, May 25, 2023, Nicolas Brunie ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In model/riscv_insts_zvkned.sail
<#234 (comment)>:
> @@ -0,0 +1,550 @@
+/*
+ * Vector Cryptography Extension - NIST Suite: Vecttor AES Block Cipher
⬇️ Suggested change
- * Vector Cryptography Extension - NIST Suite: Vecttor AES Block Cipher
+ * Vector Cryptography Extension - NIST Suite: Vector AES Block Cipher
------------------------------
In model/riscv_insts_zvkned.sail
<#234 (comment)>:
> +function zvk_check_elements(VLEN, num_elem, LMUL, SEW) = {
+ ((unsigned(vl)%num_elem) != 0) | ((unsigned(vstart)%num_elem) != 0) | (LMUL*VLEN) < (num_elem*SEW)
+}
SAIL newbie question: the vector crypto spec distinguishes illegal cases ((LMUL*VLEN)
< (num_elem*SEW)) and reserved cases (((unsigned(vl)%num_elem) != 0) |
((unsigned(vstart)%num_elem) != 0)) (which can legally raise an illegal
exception or not). Does this difference is required in the sail model ?
------------------------------
In model/riscv_insts_zvkned.sail
<#234 (comment)>:
> +
+function clause execute (RISCV_VAESEF(vs2, vd, suffix)) = {
+ let SEW = get_sew();
+ let LMUL_pow = get_lmul_pow();
+ let LMUL = if LMUL_pow < 0 then 0 else LMUL_pow;
+ let VLEN = int_power(2, get_vlen_pow());
+ let num_elem = get_num_elem(LMUL_pow, SEW);
+
+ if (zvk_check_elements(VLEN, num_elem, LMUL, SEW) == false)
+ then {
+ handle_illegal();
+ RETIRE_FAIL
+ } else {
+ let 'n = num_elem;
+ let 'm = SEW;
+ assert('m == 32);
what is the difference between the assert here and the handle_illegal
before ? (Are they both equivalent to raising the illegal instruction
exception or is it assumed SEW should be equal to 32 by that point and else
the illegal instruction exception was raised before ?)
—
Reply to this email directly, view it on GitHub
<#234 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHPXVJQ77OKGRP7KNAMEQLTXH64XBANCNFSM6AAAAAAWFGXXLI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Comment on lines
+66
to
+68
| vd_state : bits(128) = undefined; | ||
| vs2_key : bits(128) = undefined; | ||
|
|
There was a problem hiding this comment.
Would it make sense to define both vd_state and vs2_key within the scope of the foreach since they are only used in the loop body and their live range does not exceed one iteration ?
There was a problem hiding this comment.
ACK., good catch!
There was a problem hiding this comment.
There are reserved encodings for the .vs form (for example when vs2 scalar element groups overlaps the vd register group), where would such constraint appear in the SAIL code ?
There was a problem hiding this comment.
I'm handling he .vs && .vv forms conditionally using the suffix of each instruction.
if suffix == "vv" then { ... } else { ... }But I might misunderstood this one.
|
|
||
| val zvk_check_elements : (int, int, int, int) -> bool | ||
| function zvk_check_elements(VLEN, num_elem, LMUL, SEW) = { | ||
| ((unsigned(vl)%num_elem) != 0) | ((unsigned(vstart)%num_elem) != 0) | (LMUL*VLEN) < (num_elem*SEW) |
There was a problem hiding this comment.
the last term looks suspicious, is it trying to implement EGW <= VLEN * LMUL / EGS <= VLMAX ?
If so I do not think this is correct, for example I don't understand how the EGS / EGW is injected. Could a comment be added to explain which checks this function is supposed to perform ?
There was a problem hiding this comment.
This is implementing the following found in the specification, Version v0.4.2, 03 March, 2023.
if( ((vl%EGS)<>0) | ((vstart%EGS)<>0) | (LMUL*VLEN < EGW)) then {
handle_illegal(); // illegal instruction exception
RETIRE_SUCCESS
} else {
. . .
There was a problem hiding this comment.
How is EGW derived from num_elen * SEW ?
There was a problem hiding this comment.
From the Vector Crypto Spec we have,
• Element Group Width (EGW) - total number of bits in an element group
• Effective Element Width (EEW) - number of bits in each element
• Element Group Size (EGS) - number of elements in an element group
For all of the vector crypto instructions in this specification, EEW=SEW.
So here we're doing EGS * EEW, given the above:
- num_elem = EGS
- SEW = EEW
There was a problem hiding this comment.
Sorry but I am still missing something, it looks like num_elem comes from get_num_elem and I do not get how EGS appears here:
$ git grep -A8 "fun.*get_num_elem" *.sail
model/riscv_vext_regs.sail:function get_num_elem(LMUL_pow, SEW) = {
model/riscv_vext_regs.sail- let VLEN = int_power(2, get_vlen_pow());
model/riscv_vext_regs.sail- let LMUL_pow_reg = if LMUL_pow < 0 then 0 else LMUL_pow;
model/riscv_vext_regs.sail- /* Ignore lmul < 1 so that the entire vreg is read, allowing all masking to
model/riscv_vext_regs.sail- * be handled in init_masked_result */
model/riscv_vext_regs.sail- let num_elem = int_power(2, LMUL_pow_reg) * VLEN / SEW;
model/riscv_vext_regs.sail- assert(num_elem > 0);
model/riscv_vext_regs.sail- num_elem
model/riscv_vext_regs.sail-}
There was a problem hiding this comment.
I'll analyse this SAIL internal first and reach back. I'm positive get_num_elem returns the correct value, but a double-check is not a problem.
|
@charmitro , when I tried to build this branch, I get the following error: Do you know if this is a known issue ? |
I can't seem to reproduce it on my side. Could it be a problem in the upstream |
* Add vector mask and reduction instructions * Fix register overlap check in vector mask instructions --------- Co-authored-by: xwan <xinlai.wan@rivai.ai>
To support the implementation of Zvkned extension in SAIL, this creates the necessary infrastructure(i.e., a file to hold it, and the extension macro), preparing the tree for the Zvkned implementation. Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
All of the instructions that were introduced in the Zvk* extensions, use a common logic that can be implemented in functions in order to reuse them when needed and avoid duplicate code. Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
The "vaesef.vv|vs" instruction performs the final-round encryption of the AES block cipher. The "SubBytes" and "ShiftRows" steps are applied to each round state element group from "vd". This is then XORed with the corresponding round key element group in "vs2"(vector-vector form) or the scalar element group in "vs2"(vector-scalar form). Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
The "vaesem.vv|vs" instruction performs the middle-round encryption of the AES block cipher. The "SubBytes", "ShiftRows" and "MixColumns" steps are applied to each round state element group from "vd". This is then XORed with the corresponding round key element group in "vs2"(vector-vector form) or the scalar element group in "vs2"(vector-scalar form). Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
The "vaesdf.vv|vs" instruction performs a final-round decryption of the AES block cipher. The "InvShiftRows" and "InvSubBytes" steps are applied to each round state element group from "vd". This is then XORed with the corresponding round key element group in "vs2"(vector-vector form) or the scalar element group in "vs2"(vector-scalar form). Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
The "vaesdm.vv|vs" instruction performs the middle-round decryption of the AES block cipher. The "InvShiftRows" and "InvSubBytes" steps are applied to each round state element group from "vd". This is then XORed with the corresponding round key element group in "vs2"(vector-vector form) or the scalar element group in "vs2"(vector-scalar form). Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
The "vaeskf1.vi" instruction performs a single round of the forward AES-128 KeySchedule generation. The next round key is generated word by word from the current round key element group in "vs2" and the immediately previous word of the round key. The least significant word is generated using the most significant word of the current round key as well as a round constant which is selected by the round number. The round number(ranges 1-10), comes from imm[3:0]; imm[4] is ignored. We project out-of-range immediates onto in-range values by inverting imm[3]. Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
added 4 commits
July 11, 2023 09:15
The "vaeskf2.vi" instruction performs a single round of the forward AES-256 KeySchedule generation. The next round key is generated word by word from the previous round key element group in "vd" and the immediately previous word of the round key. The least significant word of the next round key is generated by applying a function to the most significant word of the current round key and then XORing the result with the round constant. The round number is used to select the round constant as well as the function. The round number(ranges 2-14), comes from imm[3:0]; imm[4] is ignored. We project out-of-range immediates into in-range values by inverting imm[3]. Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
The "vaesz.vs" instruction performs a round zero encryption/decryption This instruction is only available in ".vs" form. The new round state output of each element group is produced by XORing the round key "vs2" with each element group of "vd". Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
…decode_rcon Signed-off-by: Charalampos Mitrodimas <charalampos.mitrodimas@vrull.eu>
billmcspadden-riscv
force-pushed
the
vector-dev
branch
from
e23be60
to
118ad66
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements the Zvkned (NIST Suite: Vector AES Block Cipher) extension, as of version Draft: 20230303
.
The following instructions are included:
All instructions were tested with VLEN=128 and results were compared with QEMU results of each instruction.
Current revision is rebased with the latest changes of
vector-devbranch.Note
It's better to merge all of Zvk extension support PRs in the created order, as this is going to create conflicts and it would be easier to resolve them.